INFORMATION SECURITY & GOVERNANCE SOLUTIONS

* (A) SECURITY MANAGEMENT PROGRAM & FRAMEWORK DEVELOPMENT
* (B) SECURITY MANAGEMENT CONTROLS
* (C) MECHANISM FOR MEASURING PERFORMANCE & PROGRESS

(A) SECURITY MANAGEMENT PROGRAM & FRAMEWORK DEVELOPMENT

Design:

* Identify information security objectives and ensure alignment with business
objectives
* Understand the organization, its environment, and the types of information
systems in use, along with the applications, system interconnections, information
sharing, and the related laws, regulations, and policies
* Identify the scope, boundaries, and applicability of the information security
management system
* Identify organizational roles, responsibilities, authorities, and assignment of
security responsibilities
* Select a minimum set of security controls (management, operational, technical).
Base them on the security objectives and their applicability, taking into account
the organization's environment, business, threats, and regulatory requirements
* Refine the controls using a security risk assessment procedure (threats, impact)

Implement:

* Implement the selected security controls
* Document all relevant information and the controls in the Information Security
Management Plan document
* Establish and operate the supporting processes

Monitor:

* Monitor the implemented controls
* Conduct a security risk assessment: implement security controls, test their
effectiveness, and determine the residual risk to the organization

Review:

* Maintain and apply the information security risk treatment
* Pursue continual improvement
* Evaluate performance: monitor, measure, and analyze the security controls on a
continuous basis
* Conduct management reviews and communicate the established metrics to stakeholders

(B) SECURITY MANAGEMENT CONTROLS

* Developing security policies, standards, and processes for companies of all sizes
and industries
* Management control development based on the PCI DSS, ISO 27001, SOC, and NIST
standards

(C) SECURITY RISK ASSESSMENT & MANAGEMENT

* Determine all security gaps in relation to the organization's security threats,
vulnerabilities, and established controls
* Conduct security risk assessment
* Prioritize remediation activities
* Provide implementation initiatives and roadmap

(C) SECURITY AWARENESS & TRAINING

* Fundamentals of Internet, computer, and information security
* Safe surfing, data handling, and data security
* Mobile computing protection
* Basics of security risk assessment and management
